package com.boot2.core.utils;

import com.boot2.core.web.xss.HTMLFilter;
import lombok.extern.apachecommons.CommonsLog;

/**
 * @author zhangweilin
 * @description: XSS utility
 * @date 2018/11/20
 */
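@CommonsLog
public class XSSUtil {

    /**
     * Sanitizes a string by running it through the project's {@link HTMLFilter}.
     *
     * <p>The input is trimmed and handed to {@code HTMLFilter.filter} with quote encoding
     * switched off ({@code setEncodeQuotes(false)}). No full-width character substitution
     * happens here; the result is whatever {@code HTMLFilter} produces.
     *
     * <p>NOTE(review): because quotes are not encoded, the returned text presumably is not
     * safe to place inside an HTML attribute value or a script context. Confirm against
     * {@code HTMLFilter}, and keep context-aware output encoding at render time; this
     * input-side filter does not replace it.
     *
     * @param s raw text, typically request-supplied; may be {@code null}
     * @return {@code s} unchanged when it is {@code null} or empty; otherwise the filtered
     *         text, or {@code null} when filtering failed (callers must treat {@code null}
     *         as "rejected", never fall back to the raw value)
     */
    public static String xssEncode(String s) {
        if (s == null || s.isEmpty()) {
            return s;
        }
        try {
            HTMLFilter htmlFilter = new HTMLFilter();
            // Quote encoding is deliberately disabled by the original author; see the
            // attribute-context caveat in the Javadoc above.
            htmlFilter.setEncodeQuotes(false);
            return htmlFilter.filter(s.trim());
        } catch (Exception ex) {
            // Fail closed. A NullPointerException inside the filter used to return the
            // unfiltered input, which lets a value that breaks the filter bypass it.
            // Every failure now takes the same path: log once and return null.
            log.error("xss过滤失败", ex);
            return null;
        }
    }
}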
